• hth@lemmy.world
    link
    fedilink
    English
    arrow-up
    127
    arrow-down
    12
    ·
    edit-2
    1 year ago

    Anytime you see a password length cap you know they are not following current security standards. If they aren’t following them for something so simple and visible, you’d better believe it’s a rat infested pile of hot garbage under the hood, as evidenced here.

    • Primarily0617@kbin.social
      link
      fedilink
      arrow-up
      60
      arrow-down
      2
      ·
      edit-2
      1 year ago

      you have to limit it somewhere or you’re opening yourself up for a DoS attack

      password hashing algorithms are literally designed to be resource intensive

        • Primarily0617@kbin.social
          link
          fedilink
          arrow-up
          13
          ·
          edit-2
          1 year ago

          Incorrect.

          They’re designed to be resource intensive to calculate to make them harder to brute force, and impossible to reverse.

          Some literally have a parameter which acts as a sliding scale for how difficult they are to calculate, so that you can increase security as hardware power advances.

          • confusedbytheBasics@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I was incorrect but I still disagree with you. The hashing function is not designed to be resource intensive but to have a controlled cost. Key stretching by adding rounds repeats the controlled cost to make computing the final hash more expensive but the message length passed to the function isn’t really an issue. After the first round it doesn’t matter if the message length was 10, 128, or 1024 bytes because each round after is only getting exactly the number of bytes the one way hash outputs.

              • confusedbytheBasics@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I’m a bit behind on password specific hashing techniques. Thanks for the education.

                My background more in general purpose one way hashing functions where we want to be able to calculate hashes quickly, without collisions, and using a consistent amount of resources.

                If the goal is to be resource intensive why don’t modern hashing functions designed to use more resources? What’s the technical problem keeping Argon2 from being designed to eat even more cycles?

        • andrew@lemmy.stuart.fun
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Not true. Password hashing algorithms should be resource intensive enough to prevent brute force calculation from being a viable route. This is why bcrypt stores a salt, a hash, and the current number of rounds. That number of rounds should increase as CPUs get faster to prevent older hashes from existing in the wild which can be more effectively broken by newer CPUs.

          • confusedbytheBasics@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I was incorrect about the goal being minimal resources. I should have written that that goal was to have controlled resource usage. The salt does not increase the expense of the the hash function. Key stretching techniques like adding rounds increase the expense to reach the final hash output but does not increase the expense of the hash function. High password length allowances of several thousand characters should not lead to a denial of service attack but they don’t materially increase security after a certain length either.

            • andrew@lemmy.stuart.fun
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:

              bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.

              Blowfish being a symmetric encryption cipher, not a hashing function.

              Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.

              • confusedbytheBasics@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Semantics aside it sounds like we are in agreement. Have another upvote. :)

                Why does upvoting feel better without a karma system? shrug

    • crunchyoutside@kbin.social
      link
      fedilink
      arrow-up
      55
      ·
      1 year ago

      Are you saying that any site which does not allow a 27 yobibyte long password is not following current security standards?
      I think a 128 character cap is a very reasonable compromise between security and sanity.

    • Saneless@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      ·
      1 year ago

      At least it’s 128

      I had a phone carrier that changed from a pin to a “password” but it couldn’t be more than 4 characters

    • intensely_human@lemm.ee
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      At my job they just forced me to use a minimum 15-character password. Apparently my password got compromised, or at least that was someone’s speculation because apparently not everyone is required to have a 15-char password.

      My job is retail, and I type my password about 50 times a day in the open, while customers and coworkers and security cameras are watching me.

      I honestly don’t know how I’m expected to keep my password secure in these circumstances. We should have physical keys or biometrics for this. Passwords are only useful when you enter them in private.

      • captainlezbian@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Yeah you should have a key card. Like not even from a security perspective but from an efficiency one. Tap a keycard somewhere that would be easily seen if an unauthorized person were to even touch or even swipe it if need be. I’m sick and tired of passwords at workplaces when they can be helped

        • intensely_human@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          It’s an enormous corporation. They’d have to outfit every computer in the building for the yubikey. It’s not going to happen.

    • DreamButt@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      8
      ·
      1 year ago

      In theory yes. But in practice the DB will almost always have some cap on the field length. They could just be exposing that all the way forward. Especially depending on their infastructure it could very well be that whatever modeling system they use is tightly integrated with their form generation too. So the dev (junior or otherwise) thought it would be a good idea to be explicit about the requirement

      That said, you are right that this is still wrong. They should use something with a large enough cap that it doesn’t matter and also remove the copy telling the use what that cap is

        • intensely_human@lemm.ee
          link
          fedilink
          English
          arrow-up
          14
          arrow-down
          4
          ·
          1 year ago

          Right but that puts a limit on the hash algorithm’s input length. After a certain length you can’t guarantee a lack of collisions.

          Of course the probability stays low, but at a certain point it becomes possible.

          • brygphilomena@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            Collisions have always been a low concern. If, for arguments sake, I.hate.password. had a collision with another random password like kag63!gskfh-$93+"ja the odds of the collision password being cracked would be virtually non-existent. It’s not a statistically probable occurrence to be worried about.

          • __dev@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            This is plainly false. Hash collisions aren’t more likely for longer passwords and there’s no guarantee there aren’t collisions for inputs smaller than the hash size. The way secure hashing algorithms avoid collisions is by making them astronomically unlikely and that doesn’t change for longer inputs.

      • BorgDrone@lemmy.one
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 year ago

        You misunderstand the issue. The length of the password should not have any effect on the size of the database field. The fact that it apparently does is a huge red flag. You hash the password and store the hash in the db. For example, a sha256 hash is always 32 bytes long, no matter how much data you feed into it (btw, don’t use sha256 to hash passwords, it was just an example. It’s not a suitable password hashing algorithm as it’s not slow enough).

        • DreamButt@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          1 year ago

          ur absolutely right. Idk why I was thinking about it like a normal text/char field

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      It makes sense for some hashing algorithms (some only take 40 bytes, for instance, which is 20 characters of UTF-16 on Java or native Windows), though the modern hashing methods will take more than enough bytes to make most password size limits obsolete.

      I don’t see the problem with a 128 character limit, though. I would’ve used 64 myself, not like it makes any difference.